: Resolving a security issue with my private virtual server When I search for "thelab athome-training" on Google, and click on a link that point to my site (thelab.athome-training.com), I am redirected

When I search for "thelab athome-training" on Google, and click on a link that point to my site (thelab.athome-training.com), I am redirected to grooogle.osa.pl
I googled and found that post:

They said:

The site is doing a conditional redirect when the referrer is Google.

So I check .htaccess and index.php, but can't found something. So I replace all the Drupal files with a fresh download, but no change.

I also did:

dnstracer -v thelab.athome-training.com

But evrything looks fine...

Many questions comes in my mind... How did they do that ? Why ?
How to found the infected file ? How to prevent this from happening again?

Edit

Thank you SkeetOverFlow,

grep -r "eval(base64_decode" *

run from the root of my Drupal install, show my that files from the panel module are infected:

eval(base64_decode("ZXJyb3JfcmVwb3J0aW5nKDAp ...

In all the templates, many times in each file

But the site you link, speak about an issue with php 5.2, and I run php 5.3...

Is it possible that PHP 5.3 is also buggy?

10.02% popularity Vote Up Vote Down

: You are running out of server resources: check your php configuration enable php error display from index.php see if your server meets Magento system requirements this error is also logged to

@Rambettina238

0 Comments

: OpenCart template $module code I am using Opencart 1.5.1 but have a theme made for 1.4.9. The following template code won't work with 1.5.1: <?php foreach ($modules as $module) { ?>

@Rambettina238

Posted in: #Opencart #Php #Theme

2 Comments

: Building a brand around a domain / word that has UK & American spellings I'm trying to decide if I should run with an idea I have for a website, and the domain would contain a word that

@Rambettina238

Posted in: #Branding #Domains

1 Comments

: Remove home page from Google cache The Google Webmaster Tools Remove URL section allows you to specify a page URL to be removed from the index, or cache, or both. However, I want to remove

@Rambettina238

Posted in: #GoogleSearchConsole

1 Comments

Login to post a comment!

1 Comments

Sorted by latest first Latest Oldest Best

@Samaraweera270

This is an attack by hacker to your .htaccess file. normally it happens if you use old buggy version of PHP like PHP 5.2.x Below link will will help your how to resolve. I suggest updating PHP version.
www.question-defense.com/2011/01/08/finditnow-osa-pl-hack-google-search-results-redirect-to-finditnow-osa-pl-instead-of-correct-site
Good luck!

10% popularity Vote Up Vote Down

Feed

: Resolving a security issue with my private virtual server When I search for "thelab athome-training" on Google, and click on a link that point to my site (thelab.athome-training.com), I am redirected

More posts by @Rambettina238

: You are running out of server resources: check your php configuration enable php error display from index.php see if your server meets Magento system requirements this error is also logged to

: OpenCart template $module code I am using Opencart 1.5.1 but have a theme made for 1.4.9. The following template code won't work with 1.5.1: <?php foreach ($modules as $module) { ?>

: Building a brand around a domain / word that has UK & American spellings I'm trying to decide if I should run with an idea I have for a website, and the domain would contain a word that

: Remove home page from Google cache The Google Webmaster Tools Remove URL section allows you to specify a page URL to be removed from the index, or cache, or both. However, I want to remove

Login to post a comment!

1 Comments

Back to top | Use Dark Theme